In Django, you need to properly set the ALLOWED_HOSTS setting when DEBUG=False. This is a security mechanism. It prevents attackers from poisoning caches or password reset emails with links to malicious hosts by submitting requests with a fake HTTP Host header, which is possible even under many seemingly-safe web server configurations.